Filtered by vendor Kde
Subscribe
Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0396 | 1 Kde | 2 Dcopserver, Desktop Communication Protocol Daemon | 2025-04-03 | 2.1 LOW | N/A |
| Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process." | |||||
| CVE-2005-1920 | 2 Debian, Kde | 2 Debian Linux, Kde | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | |||||
| CVE-2005-0365 | 1 Kde | 1 Kde | 2025-04-03 | 2.1 LOW | N/A |
| The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-1046 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | |||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
| CVE-2000-0530 | 2 Caldera, Kde | 2 Openlinux, Kde | 2025-04-03 | 7.2 HIGH | N/A |
| The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. | |||||
| CVE-2004-1491 | 4 Gentoo, Kde, Opera and 1 more | 4 Linux, Kde, Opera Browser and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. | |||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | |||||
| CVE-2005-3624 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | |||||
| CVE-2003-0592 | 1 Kde | 2 Konqueror, Konqueror Embedded | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2006-2916 | 2 Kde, Linux | 2 Arts, Linux Kernel | 2025-04-03 | 6.0 MEDIUM | 7.8 HIGH |
| artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | |||||
| CVE-1999-1106 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. | |||||
| CVE-2003-0988 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | |||||
| CVE-2000-0918 | 1 Kde | 1 Kvt | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. | |||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||||
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2025-04-03 | 2.1 LOW | N/A |
| KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | |||||
| CVE-2000-0371 | 1 Kde | 1 Kde | 2025-04-03 | 1.2 LOW | N/A |
| The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. | |||||
| CVE-1999-1269 | 1 Kde | 1 Kde Beta 3 | 2025-04-03 | 2.1 LOW | N/A |
| Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. | |||||
| CVE-2003-0692 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. | |||||